lain
a4afeed426
Uploads: Sandbox them in the CSP.
2020-05-01 01:37:26 +03:00
Mark Felder
8cf4e1619e
Fix Oban not receiving :ok from RichMediaHelper job
2020-05-01 01:11:51 +03:00
Ivan Tashkinov
862d4886c9
[ #1682 ] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality.
2020-05-01 01:00:37 +03:00
rinpatch
da4923f2e5
Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop'
...
Enforcement of OAuth scopes check for authenticated API endpoints
See merge request pleroma/pleroma!2349
2020-05-01 00:58:40 +03:00
lain
1ebf8db2a5
Merge branch 'fix-object_age_policy' into 'develop'
...
Fix ObjectAgePolicy
See merge request pleroma/pleroma!2404
2020-05-01 00:55:37 +03:00
Haelwenn
2ff3b85326
Merge branch 'bugfix/1670-user-count' into 'develop'
...
Stats: Ignore internal users for user count.
Closes #1670
See merge request pleroma/pleroma!2414
2020-05-01 00:55:37 +03:00
Haelwenn
bf4b5f3856
Merge branch 'fix/follow-and-blocks-import' into 'develop'
...
Fix follower/blocks import when nicknames starts with @
Closes #1698
See merge request pleroma/pleroma!2416
2020-05-01 00:55:37 +03:00
lain
2e58fe08cd
CommonAPI: Don't make repeating announces possible
2020-05-01 00:55:34 +03:00
Alex Gleason
6e0b046771
Let blob: pass CSP
2020-05-01 00:40:09 +03:00
eugenijm
78391a00c5
Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling POST /api/v1/follow_requests/:id/authorize
2020-05-01 00:39:23 +03:00
rinpatch
61889e00fc
Deactivate local users on deletion instead of deleting the record
...
Prevents the possibility of re-registration, which allowed to read
DMs of the deleted account.
Also includes a migration that tries to find any already deleted
accounts and insert skeletons for them.
Closes pleroma/pleroma#1687
2020-05-01 00:38:58 +03:00
rinpatch
94240cac4e
Merge branch 'fix-auto-link-for-profile-fields' into 'develop'
...
Use Pleroma.Formatter.linkify/2 instead
See merge request pleroma/pleroma!2352
2020-04-08 00:29:19 +03:00
Haelwenn
b0a9a02af3
Merge branch 'feature/funkwhale-audio' into 'develop'
...
Add support for funkwhale Audio activity
Closes #764 and #1624
See merge request pleroma/pleroma!2287
2020-04-02 23:00:23 +03:00
Haelwenn
01a3f145d5
Merge branch 'bugfix/funkwhale-channel' into 'develop'
...
Fix profile url for funkwhale channels, removes one source_data use
Closes #1653
See merge request pleroma/pleroma!2333
2020-04-02 22:55:09 +03:00
rinpatch
e99e2a86af
Merge branch 'bugfix/profile-bio-newline' into 'develop'
...
AccountView: fix for other forms of <br> in bio
Closes #1643
See merge request pleroma/pleroma!2322
2020-03-31 13:42:02 +03:00
lain
c4d3ccc7b9
Merge branch 'admin-api-change-password' into 'develop'
...
Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials`
See merge request pleroma/pleroma!2149
2020-03-31 13:41:47 +03:00
10b7b2b4a4
Merge branch 'fix/activity-deletion' into 'develop'
...
Fix activity deletion
Closes #1640
See merge request pleroma/pleroma!2328
2020-03-31 13:40:28 +03:00
rinpatch
0e92aa0025
Merge branch '1364-notifications-sending-control' into 'develop'
...
[#1364 ] Ability to opt-out of notifications (in all clients)
Closes #1364
See merge request pleroma/pleroma!2301
2020-03-31 13:39:58 +03:00
rinpatch
c46d035f7b
rate limiter: disable based on if remote ip was found, not on if the plug was enabled
...
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.
Also closes #1620
2020-03-16 00:15:21 +03:00
rinpatch
9d09755291
rip out fetch_initial_posts
...
Every time someone tries to use it, it goes mad and tries to scrape the
entire fediverse for no visible reason, it's better to just remove it
than continue shipping it in it's current state.
idea acked by lain and feld on irc
Closes #1595 #1422
2020-03-16 00:15:11 +03:00
rinpatch
fcf51a77ba
Merge branch 'features/staticfe-sanitization' into 'develop'
...
static_fe: Sanitize HTML
Closes #1614
See merge request pleroma/pleroma!2299
2020-03-16 00:14:04 +03:00
Haelwenn (lanodan) Monnier
306d633b40
pleroma_api_controller.ex: Improve conversations error reporting
...
Related: https://git.pleroma.social/pleroma/pleroma/issues/1594
2020-03-15 17:01:33 +03:00
rinpatch
0b823755a2
Merge branch 'fix/cache-control-headers' into 'develop'
...
Fix Cache Control headers on media
See merge request pleroma/pleroma!2295
2020-03-15 17:01:04 +03:00
Haelwenn (lanodan) Monnier
3f54215219
auth_controller.ex: Add admin scope to MastoFE
...
Related: https://git.pleroma.social/pleroma/pleroma/issues/1265
2020-03-15 17:00:41 +03:00
Egor Kislitsyn
ffd636f109
Fix hashtags WebSocket streaming
2020-03-15 17:00:18 +03:00
Phil Hagelberg
bd80ff9a6c
Fix static FE plug to handle missing Accept header.
2020-03-15 17:00:06 +03:00
Haelwenn (lanodan) Monnier
5f9fbd7d33
Formatting: Do not use \n and prefer <br> instead
...
It moves bbcode to bbcode_pleroma as the former is owned by kaniini
and transfering ownership wasn't done in a timely manner.
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
2020-03-15 16:59:52 +03:00
rinpatch
80bc8c2cc9
Revert "Set better Cache-Control header for static content"
...
On furher investigation it seems like all that did was cause unintuitive
behavior. The emoji request flood that was the reason for introducing it
isn't really that big of a deal either, since Plug.Static only needs to
read file modification time and size to determine the ETag.
Closes #1613
2020-03-15 16:59:39 +03:00
e7837bc14e
Merge branch 'fix/signup-without-email' into 'develop'
...
Allow account registration without an email
See merge request pleroma/pleroma!2246
2020-03-15 16:58:51 +03:00
Mark Felder
f8dc597c51
Fix enforcement of character limits
2020-03-15 16:58:13 +03:00
rinpatch
423cfaf141
Merge branch 'fix/1610-release-compilation-config-fix' into 'develop'
...
Merging default release config on app start
Closes #1610
See merge request pleroma/pleroma!2288
2020-03-15 16:57:59 +03:00
Alexander Strizhakov
7cf7083076
relay list shows hosts without accepted follow
2020-03-15 16:55:20 +03:00
rinpatch
6cf1958b02
moderation log: fix improperly migrated data
...
Some of the actions used to have a user map as a subject, which was then
changed to an array of user maps. However instead of migrating old data
there was just a hack to transform it every time, moreover this hack
didn't include all possible actions, which resulted in crashes. This
commit fixes the crashes by introducing a proper database migration for old data.
Closes #1606
2020-03-07 17:00:58 +03:00
Alexander Strizhakov
474ef512df
wait in mix task while pleroma is rebooted
2020-03-07 16:02:55 +03:00
lain
47604907c9
Merge branch 'proper_error_messages' into 'develop'
...
MastodonController: Return 404 errors correctly.
See merge request pleroma/pleroma!2270
2020-03-05 11:49:51 +00:00
Haelwenn
927079e2ff
Merge branch 'fix/stats-on-startup' into 'develop'
...
Generate instance stats on startup
Closes #1598
See merge request pleroma/pleroma!2271
2020-03-05 07:25:23 +00:00
Mark Felder
cdb05633a6
Generate instance stats on startup
2020-03-04 13:33:26 -06:00
9b740cfb23
Merge branch 'exclude-reblogs-from-admin-api-by-default' into 'develop'
...
Exclude reblogs from `GET /api/pleroma/admin/statuses` by default
Closes #1596
See merge request pleroma/pleroma!2267
2020-03-04 18:22:37 +00:00
lain
4bce13fa2f
MastodonController: Return 404 errors correctly.
2020-03-04 18:09:06 +01:00
lain
6f7a8c43a2
Merge branch 'fix/no-email-no-fail' into 'develop'
...
Do not fail when user has no email
See merge request pleroma/pleroma!2249
2020-03-04 12:43:06 +00:00
Mark Felder
05da5f5cca
Update Copyrights
2020-03-03 16:44:49 -06:00
eugenijm
7af431c150
Exclude reblogs from GET /api/pleroma/admin/statuses
by default
2020-03-02 16:47:31 +03:00
Haelwenn
764a50f8a6
Merge branch 'feature/1482-activity_pub_transactions' into 'develop'
...
ActivityPub actions & side-effects in transaction
Closes #1482
See merge request pleroma/pleroma!2089
2020-03-02 07:58:01 +00:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
...
Done via the following command:
git diff fcd5dd259a
--stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Alexander Strizhakov
34f1d09f3a
spec fix
2020-03-01 12:01:39 +03:00
Alexander Strizhakov
ba87ed7335
fix for compiling
2020-03-01 12:01:39 +03:00
Alexander Strizhakov
32d1e04817
ActivityPub actions & side-effects in transaction
2020-03-01 12:01:39 +03:00
rinpatch
b5465bf385
timeline controller: add a TODO for replacing copypaste with a macro
2020-03-01 02:03:46 +03:00
rinpatch
ffcebe7e22
timeline controller: rate limit timelines to 3 requests per 500ms per timeline per ip/user
2020-03-01 01:13:08 +03:00
rinpatch
4d416343fa
rate limiter: Fix a race condition
...
When multiple requests are processed by rate limiter plug at the same
time and the bucket is not yet initialized, both would try to initialize
the bucket resulting in an internal server error.
2020-03-01 01:13:07 +03:00